Netflow Daemon Listening UDP Port
Since version 3 of opFlow the default listening port for Netflow data is the more-or-less standard UDP port 9995; for instructions on making nfdump/nfcapd use a different port see the opFlow 3 Installation Guide.
(In legacy version 2.x, a different flow collector was used, and the default port was UDP 12345. This can be changed in the /usr/local/etc/flowd.conf file if required; instructions can be found in the opFlow 2.x Installation Guide.)
Sample Cisco Netflow Configuration
...
```
! this command is optional; it exports data about in-progress flows, very handy for large file transfers.
ip flow-cache timeout active 1
! version can be 5 or 9; with 9, add an IPv4 template
ip flow-export version 5
! the port must match the opFlow listening port (12345 is the opFlow 2.x default; opFlow 3 defaults to 9995)
ip flow-export destination <opflow_server> 12345
!
interface FastEthernet0/0
 ! only if you want input traffic
 ip flow ingress
 ! only if you want output traffic
 ip flow egress
```
Sample Juniper J-Flow Configuration for SRX
J-Flow version 5 example (IPv4 only)
To keep things simple, if you are only looking at IPv4 traffic then use the Version 5 J-Flow example shown below.
```
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                sampling {
                    input;
                    output;
                }
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            rate 100; # This means 1 in every 100 packets is sampled. DO NOT reduce this to 1 unless the router is very lightly loaded.
        }
        family inet {
            output {
                flow-server 192.168.1.1 {
                    port 12345;
                    version 5; # Version 5 is simplest but only supports IPv4
                }
            }
        }
    }
}
```
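An added example (not part of the opFlow documentation): a small Python check that parses NetFlow/J-Flow version 5 export datagrams, useful for confirming that the router configurations above deliver well-formed exports to the collector's UDP port. The function names and the sample datagram are constructed for illustration; the layout assumed is the standard 24-byte v5 header followed by 48-byte flow records.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record

def parse_v5(datagram):
    """Parse one NetFlow/J-Flow v5 datagram; raise ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _, _, _, sequence, _, _, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unexpected export version {version}")
    # Unauthenticated UDP: check 'count' (1 to 30 in v5) against the real length first.
    if not 1 <= count <= 30 or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "octets": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    # Low 14 bits of the last header field are the sampling interval (0 if unset).
    return {"sequence": sequence, "sampling_interval": sampling & 0x3FFF, "flows": flows}

def constructed_sample():
    """Constructed datagram (not captured traffic): one TCP flow, 1-in-100 sampling."""
    header = V5_HEADER.pack(5, 1, 0, 0, 0, 7, 0, 0, (1 << 14) | 100)
    record = V5_RECORD.pack(socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"),
                            bytes(4), 1, 2, 12, 9000, 0, 0, 51515, 443,
                            0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return header + record

def listen(port=9995, host="0.0.0.0"):
    """Summarise arriving exports; 'port' must equal the exporter's destination port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (exporter, _) = sock.recvfrom(2048)
            try:
                info = parse_v5(data)
            except ValueError as err:
                print(f"{exporter}: rejected ({err})")
                continue
            print(f"{exporter}: seq={info['sequence']} flows={len(info['flows'])} "
                  f"sampling=1/{info['sampling_interval'] or 1}")

if __name__ == "__main__":
    print(parse_v5(constructed_sample()))
```

Call `listen()` on a test host or with the real collector stopped, since only one process can bind the port. A reported sampling interval of 100 corresponds to the `rate 100` setting above, provided the exporter fills that header field in.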
J-Flow version 9
J-Flow version 9 supports other protocols such as IPv6 and MPLS. To get good results we recommend you still only use a template for IPv4 with Version 9. There are some subtle differences in the config for the SRX models, so please refer to J-Flow SRX version 9 Config Examples.
...